JP2006174466A - Believably trustworthy enforcement of privacy enhancing technologies in data processing - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide systems and methods for trustworthy enforcement of privacy enhancing technologies within a data processing system. <P>SOLUTION: The systems and methods for trustworthy enforcement of privacy enhancing technologies within a data processing system enable data processing systems to communicate a believable statement that privacy is being protected in a trustworthy fashion. The invention includes providing for trustworthy enforcement of privacy enhancing technologies by establishing a standardized scheme for a privacy certification and routine inspection of data processing systems implementing privacy enhancing technologies. The regime of certification and inspection may be coupled with other technologies such as cryptography, tamper-evident computing, and routine security enforcement. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates generally to computer data processing, and more particularly to the implementation of encryption techniques in data processing.

  Encryption techniques are used to provide data processing confidentiality by ensuring that computer software and hardware operate according to a policy to ensure data confidentiality. Such techniques include, for example, encryption, tamper evident computing systems or runtime security implementation mechanisms. However, it is not possible to construct a highly reliable data processing system simply by implementing encryption technology, and confidentiality may not be ensured. In order to build a highly reliable system, encryption technology should be combined with assurance that the technology will be implemented reliably. If encryption techniques are guaranteed to be implemented, a credible statement of privacy protection can be issued. This statement is trustworthy because the execution of cryptographic technology assistance ensures that the technology has not changed or will not change due to interactions with other entities or systems.

  It will be difficult to protect privacy and ensure that the encryption technology and the system protected by it are not compromised. In a data processing environment, information can be easily replicated and disseminated. In order to protect privacy, not only the current information but also past and future information forms should be managed. However, due to the complexity of computer systems, it is difficult to guess its past and future behavior. At some point, even if we were able to prove that a well-behaved software (only that software) already known to work on a computer system (for example, by careful physical inspection or managed configuration) It has been operating properly in the past, and it is impossible to guarantee that it will continue to operate properly in the future. This problem becomes more serious when data processing is performed on a networked general purpose computer. Not only do computers continually replicate information and perhaps provide it to interested parties such as administrators and backup operators, but any networked computer can be a worm, virus or simple operator that can compromise privacy. You are at risk of malicious or carelessness due to errors, etc. It can be difficult to protect privacy, and therefore it can be difficult to make a credible statement about the reliability of privacy protection in a data processing system.

  Thus, there is a need for reliable and reliable privacy protection in data processing systems, including, for example, reliable execution of encryption techniques implemented in such systems.

  The present invention includes systems and methods for reliable execution of encryption techniques in data processing systems. The present invention allows a data processing system to communicate a credible statement that privacy is protected in a reliable manner. The present invention includes achieving reliable implementation of encryption technology by establishing a standardized scheme for initial privacy authentication and subsequent periodic inspection of data processing systems that implement encryption technology. It is. The form of authentication and inspection may be combined with other technologies such as encryption, tamper-evident computing and runtime protection.

  According to the present invention, the data processing system can issue a reliable and reliable statement to the parties that the encryption technology is implemented and executed. The present invention allows an end user of such a system to trust the reliability of the system and therefore wants to join the system as a user. According to the method of the present invention, due to the physical security characteristics of the data processing system and evidence of tampering, different entities may be physically distributed on the network, for example, or temporarily distributed by backup or restore cycles, etc. If so, you can establish trust in the system. If physical observation or verification is not feasible (for example, in the case of a physically distributed system), the present invention can leave the physical inspection and verification to a trusted authentication or control organization.

  The foregoing summary, as well as the following detailed description of embodiments, is better understood when read in conjunction with the appended drawings. In order to explain the present invention, structural examples of the present invention are shown in the drawings, but the present invention is not limited to the specific methods and means disclosed.

(Example of computing environment)
FIG. 1 and the following description provide a brief overview of a computing environment suitable for implementing embodiments of the present invention. However, it should be understood that handheld, portable and any other type of computing device can be used in connection with the present invention. Although a general purpose computer is described below, this is only an example. The present invention can also be realized on a small and lightweight client having interoperability and interaction with a network server. For this reason, the embodiment of the present invention can also be realized in a network host service environment in which client resources are hardly or only slightly related, such as a network environment in which a client device simply functions as a browser or an interface with World Wide Web. .

  Although not a requirement, the present invention can be implemented through an application programming interface (API) and / or included in network browsing software for use by developers and testers, including: Or, described below in the general context of computer-executable instructions, such as program modules, executed by a plurality of computers (eg, client workstations, servers, or other devices). Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. In general, the functionality of the program modules is combined or distributed as desired in various embodiments. Moreover, those skilled in the art will appreciate that the invention may be practiced with other computer system configurations. Other well known computing systems, environments and / or configurations suitable for use with the present invention include, but are not limited to, personal computers (PCs), automated teller machines, server computers, handhelds or There are laptop devices, multiprocessor systems, microprocessor-based systems, programmable consumer electronics, network PCs, minicomputers, mainframe computers and the like. Embodiments of the invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network or other data transmission medium. In a distributed computing environment, program modules can be located in both local and remote computer storage media including memory storage devices.

  As described above, FIG. 1 illustrates an example of a suitable computing system environment 100 in which the present invention can be implemented. As described above, the computing system environment 100 is merely an example of a suitable computing environment, No limitation is implied regarding the scope of use or functionality of the invention. Neither should the computing environment 100 be interpreted as having any dependency or requirement relating to any one or combination of components illustrated in the exemplary operating environment 100.

  With reference to FIG. 1, an exemplary system for implementing the invention includes a general purpose computing device in the form of a computer 110. The components of the computer 110 include, for example, a processing device 120, a system memory 130, and a system bus 121 that couples various system components such as the system memory to the processing device 120. The system bus 121 may be any of various bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of various bus architectures. For example, but not limited to, such architectures include an ISA (Industry Standard Architecture) bus, an MCA (Micro Channel Architecture) bus, an EISA (Enhanced ISA) bus, and a VESA (Video Electronics Standards bus). A Peripheral Component Interconnect bus (also called a mezzanine bus).

  Computer 110 typically includes a variety of computer readable media. Computer readable media can be any available media that can be accessed by computer 110 and includes both volatile and nonvolatile media, removable and non-removable media. For example, without limitation, computer-readable media include computer storage media and communication media. Computer storage media includes computer readable instructions, data structures, program modules or other volatile and non-volatile, removable and fixed media implemented by any method or technique for storing information such as data There is. Computer storage media include, but are not limited to, random access memory (RAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), flash memory or other memory technology, compact disk read only. A computer (110) that can be used to store memory (CDROM), digital multipurpose disc (DVD) or other optical disc storage device, magnetic cassette, magnetic tape, magnetic disc storage device or other magnetic storage device, or desired information There are other accessible media. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transmission media and includes any information delivery media. The term “modulated data signal” means a signal that has one or more of its characteristics set or changed in such a manner as to encrypt information in the signal. For example, but not limited to, communication media includes wired media such as wired networks or direct-wired connections, and wireless media such as acoustic, radio frequency (RF), infrared, and other wireless media. Including. Combinations of any of the above are also included within the scope of computer-readable media.

  The system memory 130 includes computer storage media in the form of volatile and / or nonvolatile memory such as ROM 131 and RAM 132. A basic input / output system 133 (BIOS) that contains basic routines that help communicate information between elements within the computer 110, such as during startup, is typically stored in the ROM 131. RAM 132 typically contains data and / or program modules that are immediately accessible to and / or presently being operated on by processing unit 120. For example, without limitation, FIG. 1 shows an operating system 134, application programs 135, other program modules 136, and program data 137. The RAM 132 may include other data and / or program modules.

  Computer 110 may also include removable / non-removable, volatile / nonvolatile computer storage media other than those described above. For example, FIG. 1 shows a hard disk drive 141 that reads and writes a fixed nonvolatile magnetic medium, a magnetic disk drive 151 that reads and writes a removable nonvolatile magnetic disk 152, a CD ROM, and other optical media. An optical disk drive 155 that reads from and writes to a removable non-volatile optical disk 156 is shown. Other than the above, removable / fixed, volatile / nonvolatile computer storage media that can be used in the illustrated example operating environment include, but are not limited to, magnetic tape cassettes, flash memory cards, digital versatile disks, digital There are videotapes, solid state RAM, solid state ROM and others. The hard disk drive 141 is usually connected to the system bus 121 through a fixed memory interface such as the interface 140, and the magnetic disk drive 151 and the optical disk drive 155 are usually connected to the system bus 121 through a removable memory interface such as the interface 150. .

  The drives described above and illustrated in FIG. 1 and associated computer storage media provide storage of computer readable instructions, data structures, program modules, and other data for computer 110. In FIG. 1, for example, the hard disk drive 141 is depicted as storing an operating system 144, application programs 145, other program modules 146, and program data 147. Note that these components can either be the same as or different from operating system 134, application programs 135, other program modules 136, and program data 137. In the present application, different numbers are assigned to the operating system 144, the application program 145, the other program modules 146, and the program data 147 to indicate that they are at least different copies. A user can enter commands and information into the computer 110 through a keyboard 162 and pointing device 161, commonly referred to as a mouse, trackball or touch pad. Other input devices (not shown) include a microphone, joystick, game pad, satellite dish, scanner, and the like. These and other input devices are often connected to the processing device 120 through a user input interface 160 coupled to the system bus 121, but other interfaces and bus structures such as parallel ports, game ports or universal serial bus (USB). You may connect by.

  A monitor 191 or other type of display device is also connected to the system bus 121 through an interface, such as a video interface 190. In addition to the monitor 191, the computer may include other peripheral output devices such as a speaker 197 and a printer 196, which may be connected through an output peripheral interface 195.

  Computer 110 may operate in a network environment using logical connections with one or more remote computers, such as remote computer 180. Remote computer 180 may be a personal computer, server, router, network PC, peer device, or other common network node, and generally includes many or all of the elements already described in connection with computer 110. However, only the memory storage device 181 is depicted in FIG. The logical connections in FIG. 1 include a local area network (LAN) 171 and a wide area network (WAN) 173, but may include other networks. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet.

  When used in a LAN networking environment, the computer 110 is connected to the LAN 171 through a network interface or adapter 170. When used in a WAN networking environment, the computer 110 typically includes a modem 172 or other means for establishing communications over the WAN 173, such as the Internet. The modem 172 may be internal or external, but may be connected to the system bus 121 through the user input interface 160 or other suitable mechanism. In a network environment, the program modules described in connection with computer 110 or portions thereof may be stored in a remote memory storage device. For example, without limitation, in FIG. 1, the remote application program 185 is depicted as being on the memory device 181. It will be appreciated that the network connections shown are examples and other means for establishing communications between the computers can be utilized.

  Those skilled in the art will appreciate that a computer 110 or other client device can be deployed as part of a computer network. In this regard, the present invention relates to a computer system having any number of memory or storage units and capable of generating any number of applications and processes on any number of storage units or storage volumes. Embodiments of the present invention are applicable to environments that include server computers and client computers located in a network environment having remote or local storage devices. The present invention can also be applied to a stand-alone computing device having programming language functions, interpretation and execution functions.

(Embodiment)
FIG. 2 is a block diagram of an example system 200 that implements reliable and reliable execution of encryption techniques in data processing. The system 200 may include a client 210, a server 220, and a third party authentication device 230. Client 210 and server 220 may be one or more computers, each of which may be computer 110 already described with respect to FIG. Client 210 and server 220 may be communicatively coupled through a network, which may be a local area network (LAN) or a wide area network (WAN) such as the Internet. Alternatively, the client 210 may communicate with the server 220 through a direct connection and may be communicatively coupled to 220 through a network, or may not be coupled. The third-party authentication device 230 is physically located near the server 220 or observes the server 220 by other methods.

  Client 210 and server 220 process data and exchange data with each other. Any number of clients and servers may be included in the system 200. Server 220 includes encryption technology to ensure that the software on server 220 is secure and operates as expected. This technique also uses cryptographic keys to ensure that the server hardware is secure and hardware integrity is ensured. Such encryption techniques include encryption infrastructure 221, tamper-evident software and hardware 222, runtime security enforcement 223, and the like.

  The encryption infrastructure 221 may be an infrastructure well known to those skilled in the art, and enables parties to create cryptographically protected statements, data or certifications. The falsification revealing software and hardware 222 allows the software and hardware of the server 220 to be physically inspected to confirm that the data processing system has not been falsified and remains reliable. Such tamper-evident software and hardware 222 is well known to those skilled in the art. Runtime security enforcement 223 is for hardware or software that provides protection from external influences such as secure launch, application launch, authentication, shielded storage, software code changes after launch or launch, etc. Mechanism. Such runtime security enforcement 223 is well known to those skilled in the art.

  More specific examples of encryption technology include encrypted main memory, trusted physical module (TPM) that protects hardware secrets, secure startup, and software integrity to hardware Hardware root of trust (hardware-root-of-trust) realized based on the hardware root of trust providing shielded storage and encryption, license-based secret protection and software integrity based on software Information rights management (IRM: information rights management) or digital rights management (DRM: digital rights management) Nagement), hardware, software, licenses, there is a user and a management and authentication schemes encryption key to allow identification of the roll, access control and other data usage restrictions, or the like. Management and authentication schemes can be based on secret sharing, public-key infrastructure (PKI), key distribution centers (KDC), or license and policy description languages. These are just examples of encryption techniques for ensuring hardware and software security, and there are other such techniques.

  The third-party authentication device 230 is responsible for ensuring that the encryption technology that is to be implemented on the server 220 is implemented on the server 220 and proving it. The third-party authentication device 230 verifies that, for example, software and hardware on the server 220 are protected and function in a scheduled manner. Of course, the authentication device such as the third-party authentication device 230 may verify the encryption technology implemented on the client or another computer in addition to the server such as the server 220.

  More specifically, the third party authentication device 230 can execute the functions of the authentication 231 and the inspection 232. The third party authentication device 230 can authenticate the server 220 using encryption. The functions of the authentication 231 include an initial verification for the implementation on the server 220 of encryption technology (eg, encryption infrastructure 221, tamper-evident hardware and software 222 and runtime security enforcement 223). The authentication function also includes demonstrating to a party (eg, client 210) that such techniques are implemented. The third-party authentication device 230 or the server 220 can present to the client 210 or the user of the client 210 a reliable and reliable statement that the encryption technology is used and implemented on the server 220. . This statement can be in the form of authentication. Even if the authentication is a machine certificate, it may be encrypted so that the client 210 decrypts the authentication and verifies its authenticity. The client 210 can also include software that verifies the authenticity of the certificate, for example.

  The certificate may include a list of encryption technologies that are performed, and may include details regarding the version of the encryption technology, date of installation, date of authentication, and date of follow-up inspection. Certificates also include, for example, key verifiable hardware or key signed software. The certificate may include a policy regarding conditions that apply to the use of data supplied by the client 210. That is, the certificate can describe in detail how the data supplied by the client 210 is used, whether it is discarded after use, or the like. Furthermore, environmental information other than the above can be specified in the certificate.

  In addition to the initial audit of the server 220, the third party authentication device 230 is also responsible for performing the post-check 232 function. The functionality of the check 232 includes the server 220's function to verify that the encryption technology that is or is supposed to operate on the server 220 is actually operating according to a standardized scheme. Includes regular inspections. The functions of the check 232 can include a physical check of the server 220 including its hardware and software. Further, the functions of the inspection 232 include an operation test and inspection of the server 220 including the encryption technology implemented on the server 220.

  An example of system 200 is a system in which an end user on client 210 is the source of data sent to server 220 and the answer is also the source of queries that depend on the data provided by the user. be able to. In such a system, the server 220 can provide a data processing service for data that cannot be executed by the user. Further, such a system may include a data processing server 220 that uses a proprietary algorithm that is not available to end users on the client 210 (eg, because it is trade secret). Further, in the system 200, the client 210 may require that all data that the client 210 sends to the server 220 be deleted when the client 210 receives the result of the data processing. The third-party authentication device 230 confirms that the server 220 is set to perform such deletion during the execution of the function of the initial authentication 231. Further, the check function 232 can provide the third party authentication device 230 with an opportunity to periodically check the server 220 to verify that the client data has been used properly and then deleted.

  The system 200 further includes, for example, a system for collaborative filtering (eg, building a network of how hobbies and preferences are related), a system for building trading knowledge, and a client 210, etc. Provide the server 220 with information that requires careful handling by the client, and know the user's preferences regarding topics not directly included in the data, such as additional things the user may prefer, from the accumulated information Other systems can be included. The system 200 allows the user of the client 210 to gain confidence that the data will be handled according to predetermined conditions, and to trust the server 220 to share data that requires private or other sensitive handling. .

  FIG. 3 is a block diagram of an example system 300 for providing a reliable and reliable implementation of encryption technology in data processing within a company 305, according to one embodiment of the invention. The company 305 may include one or more employee computers 310, a company server 320, a database 325, and a company authentication device 330. The client 340 is also shown in the figure and interacts with the company 305. The employee computer 310, the company server 320, and the client 340 are one or more computers, each of which can be the computer 110 already described with respect to FIG. The employee computer 310 and the company server 320 are connected directly or in a communicable manner. The client 340 and the company server 320 may be communicatively connected through a network, which may be, for example, a LAN or a WAN. The company authentication device 330 may be physically located near the employee computer 310 and the company server 320. The company authentication device 330 can observe the employee computer 310 and the company server 320.

  The employee computer 310 and the company server 320 can process data and exchange data with each other. Data can be stored in database 325. The employee computer 310 and the company server 320 are encryption technologies already described with respect to FIG. 2, such as encryption infrastructure 311, 321, tamper-evident software and hardware 312, 322, runtime security enforcement 313, 323. Can be included.

  Client 340 may communicate information (through company server 320) to company 305 that the user of client 340 considers private. By implementing the encryption technology and executing the technology through the company authentication device 330, the user of the client 340 is confident that the private data remains private within the company 305 or is disposed of in accordance with predetermined conditions. Obtainable. For example, the company 305 may agree to delete private information from the data or delete the entire data when some task is completed.

  The company authentication device 330 can execute the functions of the authentication 331 and the check 332 to confirm that the encryption technology is implemented, and can provide information regarding the encryption technology to the client 340. In the system 300, the company authentication apparatus 330 can confirm that the encryption technology is installed in both the company server 320 and the employee computer 310. The company authenticator 330 can then communicate a reliable and reliable statement that the encryption technology is being used and implemented within the company 305, either through the company server 320 or otherwise. This statement contains a list of encryption technologies being implemented, and as mentioned above, details on technology version, installation date, certification date, follow-up check date, hardware and software keys, etc. be able to. The statement can be in the form of an authentication, which may be encrypted. Client 340 decrypts the authentication and verifies the authenticity of the statement.

  The company authentication device 330 can provide a mechanism for managing customer data in such a way that privacy obligations are fulfilled. By using the company authentication device 330, the company 305 can also provide all or part of the private data to a department or a business unit necessary for carrying out the business of the company.

  For example, the database 325 may include customer data that the company 305 uses for customer relationship management, such as sales and marketing operations, market research, product support, strategic planning, and the like. The company 305 may be required to limit the purpose of use of information that can identify an individual to what was intended when the data communication was performed. Company 305 may also have an explicit or implicit contract with the user of client 340 regarding the use of private data. The information rights management (IRM), digital rights management (DRM), or other system allows the company 305 and the company authentication device 330 to observe restrictions on the use of customer data within the company 305. Company 305 uses IRM, DRM or other systems to prevent, for example, mailing lists from being used for printing address labels or for purposes other than mail merge operations. The company 305 can protect the information in the mailing list by, for example, limiting the number of times the information in the mailing list can be used, or imposing data deletion after use. The company authentication device 330 can check the company server 320 and the employee computer 310 to confirm that the mailing list has been properly used and deleted.

  FIG. 4 is a block diagram of an example system 400 for providing a reliable and reliable implementation of encryption technology in processing data from a server 420 at a remote location 450. The system 400 can include a server 420, a third party authentication device 430, and a remote location 450. The remote location 450 may include a proxy 410 440 for the client 410 and the third party authentication device 430. Client 410 and server 420 may be one or more computers, each of which may be computer 110 already described with respect to FIG. Client 410 and server 420 may be communicatively coupled through a network. Alternatively, client 410 may be in communication with a server (not shown) at remote location 450, which can communicate with server 420. The third party authentication device 430 can be physically located in the vicinity of the server 420, or can observe the server 420 by other methods. The agency 440 of the third party authenticator 430 can be physically located at the remote location 450 or otherwise observe the client 410.

  The client 410 and the server 420 process data and exchange data with each other. The system 400 may include any number of clients and servers. Server 420 and client 410 may be provided with the encryption techniques already described to ensure hardware and software protection. Such encryption techniques include, for example, encryption infrastructure 421, 411, tamper-evident software and hardware 422, 412 and runtime security enforcement 423, 413 as previously described.

  As described above, the third-party authentication device 430 can provide the functions of the authentication 431 and the inspection 432, and can confirm and inform the server 420 that the encryption technology is installed. Further, the agency 440 may provide similar functions 441 and 442 to confirm that such a technique is implemented on the client 410. In this manner, the server 420 and the client 410 can exchange data with a reliable guarantee that the encryption technology is implemented and executed by each other.

  The agency 440 of the third-party authentication device 430 coordinates the functions of the authentication 441 and the inspection 442 with the third-party authentication device 430, and the user of the third-party authentication device 430 or the server 420 is trusted You may have a relationship that you can be confident of being. In another embodiment, there may be no relationship between the agency 440 and the third party authentication device 430. Instead of irrelevant, agency 440 may be another third-party authenticator that has credentials or otherwise proves to client 440 or server 420 that it is trusted. .

  The example system 400 may include a public library as a remote location 450 with a client 410. Client 410 may be a publicly accessible computer for a user to check their emails, for example. Server 420 may be an email server. Server 420 and the user can encrypt the remote location 450 (eg, a public library) to ensure that the user's data is not leaked and that email or other private data is deleted from the client 410 after each session. You may be interested in confirming that you are implementing the technology. The e-mail server 420 can request that the remote location 450 includes the agency 440 of the third party authentication device 430 to perform the functions of the authentication 441 and the check 442 described above. Alternatively, the email server 420 may have its own third-party authentication device similar to the third-party authentication device 430 to prove the implementation of the encryption technology that the remote location is executing on the client 410. Can be requested.

  FIG. 5 is a flow diagram of an example method 500 for providing reliable and reliable execution of encryption techniques in data processing. In step 510, the server requests data from the client. Upon receiving a request from the server, in step 520, the client requests the server to authenticate the implementation and execution of the encryption technique. Without such authentication, the client refuses to send the requested data to the server. In step 530, the server sends machine authentication, encrypted authentication, or other authentication to the client. Authentication is provided by third-party authentication devices, company authentication devices, third-party authentication device agencies, or other entities responsible for auditing and verifying that the server implements encryption technology. It may be.

  Authentication may refer to, for example, verifiable hardware comprising a key or software signed with a key. Authentication can also include a policy regarding how the data provided by the client is used and whether it is discarded after use. Furthermore, authentication can also provide environmental information. In step 540, the client reviews the authentication or other statement from the server, concludes that the server is implementing and executing encryption techniques, and can provide the requested data to the server.

  Of course, the method 500 is only one example for providing a reliable and reliable implementation of encryption technology. In another embodiment according to the present invention, the client may request data from the server, in which case the client provides authentication to the server, as in the system 400 already described with respect to FIG.

  The various techniques introduced herein can be implemented in the context of hardware or software, or a combination of both as appropriate. Thus, the method and apparatus according to the present invention or specific aspects or portions thereof are embodied in a tangible medium such as a floppy diskette, CD-ROM, hard drive or other machine-readable storage medium. In the form of program code (ie, instructions), where the program code is loaded into a machine (eg, a computer) and executed by the machine, with the machine for carrying out the invention Become. When the program code is executed on a programmable computer, the computing device is typically a processor, a processor-readable storage medium (including volatile and non-volatile memory and / or storage elements), at least one input device And at least one output device. One or more programs that utilize the creation and / or implementation of aspects of the domain-specific programming model of the present invention, for example through the use of data processing APIs and other, preferably are high-level procedures for communicating with a computer system. Implemented in type or object-oriented programming languages. However, the program can also be implemented in assembly or machine language, as desired. In either case, the language can be a compiled or interpreted language and can be combined with a hardware implementation.

  Although the invention has been described with reference to specific examples in connection with various drawings, other embodiments can be used and are introduced to perform the same functions as the invention without departing from the invention. Embodiments can be modified or added to. The examples are given for the purpose of illustrating the invention and do not in any way limit the scope of the invention as defined in the claims. For example, the company authentication apparatus 330 described with reference to FIG. 3 may authenticate both the employee computer 310 and the company server 320 or only the employee computer 310. For example, the third-party authentication device 230 described with reference to FIG. 2 may be a company authentication device similar to that described with reference to FIG. Further, for example, the system 400 may not have the prover 430. In summary, the present invention is not limited in any way to the examples introduced and described herein. Accordingly, the invention is not to be limited to any embodiment, but is to be construed in breadth and scope according to the appended claims.

1 is a block diagram illustrating an example computing environment in which some aspects of the invention may be implemented. 1 is a block diagram illustrating an example of a system that implements reliable and reliable execution of encryption technology in data processing according to the present invention. It is a block diagram which shows an example of the in-house system which implement | achieves the reliable reliable execution of the encryption technique in the data processing by this invention. 1 is a block diagram illustrating an example of a system that implements reliable and reliable execution of encryption technology in data processing on a client and a server according to the present invention. FIG. FIG. 5 is a flow diagram illustrating an example of a method for realizing reliable and reliable execution of encryption technology in data processing according to the present invention.

Claims (36)

A first computer having encryption technology and communicating with a second computer;
An authentication apparatus for confirming that the encryption technology is implemented on the first computer, wherein the authentication is transmitted to the second computer regarding the implementation of the encryption technology on the first computer. And an authentication device.   The system of claim 1, wherein the first computer is hardware, and the encryption technique provides security protection for the hardware.   The system of claim 1, wherein the first computer is software, and the encryption technique provides security protection for the software.   The system of claim 1, wherein the encryption technique provides cryptographically protected data.   The system according to claim 1, wherein the encryption technique provides tamper-evident software.   The system of claim 1, wherein the encryption technique provides tamper-evident hardware.   The system of claim 1, wherein the encryption technique provides runtime security enforcement.   The system according to claim 1, wherein the authentication device transmits the authentication to the second computer.   The system according to claim 1, wherein the authentication device is a third-party authentication device.   The system of claim 1, wherein the authentication device is local to one of the first computer and the second computer.   The system according to claim 1, wherein the first computer is a server, and the second computer is a client of the first computer.   The system according to claim 1, wherein the second computer is a server, and the first computer is a client of the second computer. A first encryption technology based on providing cryptographically protected data;
A second encryption technology based on providing secure software;
A third encryption technology based on providing secure hardware;
An authentication device for confirming that the first, second and third encryption technologies are implemented on the system;
A system characterized by comprising:   14. The system of claim 13, wherein the authentication device provides authentication relating to the implementation of the first, second, and third encryption techniques to a computer that communicates with the system.   14. The system of claim 13, wherein at least one of the first, second, and third encryption technologies provides runtime security enforcement. Verifying that the software on the computer includes encryption technology;
Verifying that the hardware on the computer includes encryption technology;
Sending an authentication indicating that the hardware and software on the computer includes encryption technology;
A method characterized by comprising:   The method of claim 16, wherein the authentication is encrypted.   The method of claim 16, wherein sending the authentication is sending the authentication to a client of the computer.   The method of claim 16, wherein sending the authentication is sending the authentication from a client of the computer to the computer.   The method of claim 16, wherein the computer includes cryptographically protected data.   The method of claim 16, wherein the computer includes tamper-evident software.   The method of claim 16, wherein the computer includes tamper-evident hardware.   The method of claim 16, wherein the computer includes a runtime security enforcement.   The method of claim 16, further comprising providing authentication from a third party authentication device.   The method of claim 16, further comprising receiving data from the computer, wherein the authentication includes conditions relating to use of the data.   The method of claim 25, wherein the condition is deletion of the data.   26. The method of claim 25, further comprising verifying compatibility with the condition. Verifying that the software on the computer includes encryption technology;
Verifying that the hardware on the computer includes encryption technology;
A computer-readable medium having recorded thereon computer-executable instructions for performing authentication to indicate that the hardware and software on the computer includes encryption technology.   30. The computer-readable medium of claim 28, further comprising computer-executable instructions for performing the step of sending the authentication to a second computer. Sending a request from the first computer for authentication about the implementation of the encryption technology on the second computer;
Receiving the authentication at the first computer.   The method of claim 30, further comprising verifying the authenticity of the authentication at the first computer. Setting conditions relating to the use of data on the first computer;
Sending data from the first computer to the second computer;
The method of claim 30, further comprising:   The method of claim 32, wherein the condition is deletion of the data.   The method of claim 32, wherein the condition calls for keeping private information contained in the data secret.   The method of claim 30, wherein the first computer is a server and the second computer is a client of the first computer. The method of claim 30, wherein the second computer is a server and the first computer is a client of the second computer.

Images